Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2012.0763.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2012:0763-1)
Summary:The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2012:0763-1 advisory.
Description:Summary:
The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2012:0763-1 advisory.

Vulnerability Insight:
This update of ImageMagick fixes multiple security vulnerabilities that could be exploited by attackers via specially crafted image files:

* CVE-2012-0259 / CVE-2012-1610: Integer overflow when processing EXIF directory entries with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a large components count.
* CVE-2012-0247 / CVE-2012-1185: Integer overflows via
'number_bytes' and 'offset' could lead to memory corruption. CVE-2012-0248 / CVE-2012-1186: Denial of service via 'profile.c'.
* CVE-2012-0260: Denial of service via JPEG restart markers (excessive CPU consumption).
* CVE-2012-1798: Copying of invalid memory when reading TIFF EXIF IFD.

Security Issue references:

* CVE-2012-0247
>
* CVE-2012-0248
>
* CVE-2012-1185
>
* CVE-2012-1186
>
* CVE-2012-0259
>
* CVE-2012-0260
>
* CVE-2012-1798
>
* CVE-2012-1610
>

Affected Software/OS:
'ImageMagick' package(s) on SUSE Linux Enterprise Desktop 11 SP1, SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise Software Development Kit 11 SP1, SUSE Linux Enterprise Software Development Kit 11 SP2.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-0247
Debian Security Information: DSA-2427 (Google Search)
http://www.debian.org/security/2012/dsa-2427
http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml
http://www.cert.fi/en/reports/2012/vulnerability595210.html
http://www.osvdb.org/79003
RedHat Security Advisories: RHSA-2012:0544
http://rhn.redhat.com/errata/RHSA-2012-0544.html
RedHat Security Advisories: RHSA-2012:0545
http://rhn.redhat.com/errata/RHSA-2012-0545.html
http://www.securitytracker.com/id?1027032
http://secunia.com/advisories/47926
http://secunia.com/advisories/48247
http://secunia.com/advisories/48259
http://secunia.com/advisories/49043
http://secunia.com/advisories/49063
http://secunia.com/advisories/49068
http://ubuntu.com/usn/usn-1435-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-0248
BugTraq ID: 51957
http://www.securityfocus.com/bid/51957
Common Vulnerability Exposure (CVE) ID: CVE-2012-0259
BugTraq ID: 52898
http://www.securityfocus.com/bid/52898
Debian Security Information: DSA-2462 (Google Search)
http://www.debian.org/security/2012/dsa-2462
http://www.cert.fi/en/reports/2012/vulnerability635606.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259
http://www.osvdb.org/81021
http://secunia.com/advisories/48679
http://secunia.com/advisories/48974
http://secunia.com/advisories/49317
http://secunia.com/advisories/55035
SuSE Security Announcement: openSUSE-SU-2012:0692 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html
XForce ISS Database: imagemagick-jpegexif-dos(74657)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74657
Common Vulnerability Exposure (CVE) ID: CVE-2012-0260
http://www.osvdb.org/81022
http://secunia.com/advisories/57224
http://www.ubuntu.com/usn/USN-2132-1
XForce ISS Database: imagemagick-jpegwarninghandler-dos(74658)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74658
Common Vulnerability Exposure (CVE) ID: CVE-2012-1185
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185
http://www.openwall.com/lists/oss-security/2012/03/19/5
http://www.osvdb.org/80556
XForce ISS Database: imagemagick-profile-code-execution(76140)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76140
Common Vulnerability Exposure (CVE) ID: CVE-2012-1186
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186
http://www.osvdb.org/80555
XForce ISS Database: imagemagick-syncimageprofiles-dos(76139)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76139
Common Vulnerability Exposure (CVE) ID: CVE-2012-1610
http://www.openwall.com/lists/oss-security/2012/04/04/6
http://www.osvdb.org/81024
XForce ISS Database: imagemagick-getexifproperty-dos(74660)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74660
Common Vulnerability Exposure (CVE) ID: CVE-2012-1798
http://www.osvdb.org/81023
XForce ISS Database: imagemagick-tiffexififd-dos(74659)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74659
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.